2 matches found
CVE-2018-8046
The CVE-2018-8046 issue affects Sencha Ext JS 4–6 prior to 6.6.0. The getTip() method in Action Columns unescapes HTML-escaped data, enabling cross-site scripting if tooltips contain user-controlled content. Public information confirms vulnerability details and that a fix was released in 6.6.0 (w...
extjs getTip() Cross Site Scripting Vulnerability
Exploit for jsp platform in category web applications A XSS vulnerability exists in the getTip method of Action Columns. The Ext JS framework brings no built-in XSS protection, meaning that developers are responsible for sanitizing their output. However. the method above takes HTML-escaped data a...